Updated the tlsCluster to accept v1.Secret

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
projectcontour · Jan 19, 2024 · cdb797a · cdb797a
1 parent 32bc763
commit cdb797a
Showing 5 changed files with 6 additions and 9 deletions.
diff --git a/internal/featuretests/kubernetes.go b/internal/featuretests/kubernetes.go
@@ -48,7 +48,6 @@ var ServerCertificate = certyaml.Certificate{
 var ClientCertificate = certyaml.Certificate{
 	Issuer:  &CACertificate,
 	Subject: "CN=client",
-	KeyType: certyaml.KeyTypeRSA,
 }
 
 var CRL = certyaml.CRL{

diff --git a/internal/featuretests/v3/backendcavalidation_test.go b/internal/featuretests/v3/backendcavalidation_test.go
@@ -103,7 +103,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) {
 	// assert that the cluster now has a certificate and subject name.
 	c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{
 		Resources: resources(t,
-			tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), &featuretests.CACertificate, "subjname", "", nil, nil),
+			tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), caSecret, "subjname", "", nil, nil),
 		),
 		TypeUrl: clusterType,
 	})
@@ -150,7 +150,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) {
 	// assert that the cluster now has a certificate and subject name.
 	c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{
 		Resources: resources(t,
-			tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), &featuretests.CACertificate, "subjname", "", nil, nil),
+			tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), caSecret, "subjname", "", nil, nil),
 		),
 		TypeUrl: clusterType,
 	})

diff --git a/internal/featuretests/v3/backendclientauth_test.go b/internal/featuretests/v3/backendclientauth_test.go
@@ -96,7 +96,7 @@ func TestBackendClientAuthenticationWithHTTPProxy(t *testing.T) {
 
 	c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{
 		Resources: resources(t,
-			tlsCluster(cluster("default/backend/443/950c17581f", "default/backend/http", "default_backend_443"), &featuretests.CACertificate, "subjname", "", clientSecret, nil),
+			tlsCluster(cluster("default/backend/443/950c17581f", "default/backend/http", "default_backend_443"), caSecret, "subjname", "", clientSecret, nil),
 		),
 		TypeUrl: clusterType,
 	})

diff --git a/internal/featuretests/v3/envoy.go b/internal/featuretests/v3/envoy.go
@@ -20,7 +20,6 @@ import (
 	"time"
 
 	envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
-	"github.com/tsaarni/certyaml"
 
 	envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
@@ -37,7 +36,6 @@ import (
 	contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1"
 	"github.com/projectcontour/contour/internal/dag"
 	envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3"
-	"github.com/projectcontour/contour/internal/featuretests"
 	"github.com/projectcontour/contour/internal/protobuf"
 	xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3"
 	"google.golang.org/protobuf/proto"
@@ -185,7 +183,7 @@ func cluster(name, servicename, statName string) *envoy_cluster_v3.Cluster {
 	})
 }
 
-func tlsCluster(c *envoy_cluster_v3.Cluster, ca *certyaml.Certificate, subjectName, sni string, clientSecret *v1.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_cluster_v3.Cluster {
+func tlsCluster(c *envoy_cluster_v3.Cluster, ca *v1.Secret, subjectName, sni string, clientSecret *v1.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_cluster_v3.Cluster {
 	var secret *dag.Secret
 	if clientSecret != nil {
 		secret = &dag.Secret{Object: clientSecret}
@@ -194,7 +192,7 @@ func tlsCluster(c *envoy_cluster_v3.Cluster, ca *certyaml.Certificate, subjectNa
 	// Secret for validation is optional.
 	var s *dag.Secret
 	if ca != nil {
-		s = &dag.Secret{Object: featuretests.CASecret("secret", ca)}
+		s = &dag.Secret{Object: ca}
 	}
 
 	c.TransportSocket = envoy_v3.UpstreamTLSTransportSocket(

diff --git a/internal/featuretests/v3/upstreamtls_test.go b/internal/featuretests/v3/upstreamtls_test.go
@@ -81,7 +81,7 @@ func TestUpstreamTLSWithHTTPProxy(t *testing.T) {
 		Resources: resources(t,
 			tlsCluster(
 				cluster("default/backend/443/950c17581f", "default/backend/http", "default_backend_443"),
-				&featuretests.CACertificate,
+				caSecret,
 				"subjname",
 				"",
 				clientSecret,